modrinth / theseus

Our game launcher which can be used as a CLI, GUI, and a library for creating and playing Modrinth projects.

Xbox SISU authenticate request can fail preventing users from signing in

brawaru opened this issue · comments

Describe the bug

For quite a lot of users, attempting to sign in immediately fails right at the SISU authenticate step, where it's supposed to start the authorization session and retrieve the URL for the sign-in browser view.

This is caused by Xbox sending an error response that doesn't contain anything. We have no knowledge of the response code because Theseus doesn't log it. It just immediately fails, and the user receives a sad error message telling them to sign in with the correct account (wildly inaccurate suggestion) and debug info that says:

Minecraft authentication error: Failed to deserialize response to JSON during set up SisuAuthenicate: EOF while parsing a value at line 1 column 0

Steps to reproduce

  1. Press sign in button.
  2. Receive an error message.

Expected behavior

Theseus has certain discrepancies with SISU authenticate requests in Minecraft Launcher; specifically, the Theseus request:

  • uses plain $.Query.code_challenge_method (MCL uses S256)
  • uses an empty string for $.Query.state (MCL has a seemingly random string)
  • lacks $.TitleId (MCL sets it to 1794566092)

Moreover, Theseus has no proper HTTP status code checks in place, instead offloading this to the auth_retry function, which will bombard Microsoft servers 10 times after the first request fails, which perhaps can lead to the UA being blocked or the user getting severely rate limited. This can also hide the actual error response, because it's overshadowed by repeats.

System information

Universal, since the release of 0.7.0.

Additional context

The support portal is completely overwhelmed (ICOM-T7).

Probably unrelated to the device token, as resetting it by deleting the Minecraft authorization meta file doesn't do anything.

Note

If you are a user experiencing this issue, you can downgrade to 0.6.3:

Tip

Are you a technical user experiencing this issue? Help us find out the exact error response by observing the Modrinth App network traffic using mitmproxy or HTTP Toolkit and checking why the request to https://sisu.xboxlive.com/authenticate fails. Do not share the full requests or responses here, as they may contain sensitive information. Only share the HTTP status code and response body (if there's any).

If you are interested in helping us with testing the possible fixes for this, please join our Discord server and respond to Geometrically's message in the #technology channel.

Caution

This nightly build is outdated. Please use the build posted in the next comment.

Nightly build is available for testing for people experiencing the issue. We would really appreciate it if you could share with us whether it fixes the issue for you, so we can release this update to everyone sooner 🙌

Important

Before launching the nightly build and attempting to sign in, you must delete the caches/metadata/minecraft_auth.json file from your app's directory (on Windows it's in %AppData%\com.modrinth.theseus by default). Otherwise the changes made will have no effect, and the issue will persist. Modrinth App must be closed before deleting this file.

Links to the nightly build:

Hey all 👋

Thanks to everyone who tried out our previous nightly build. As we learnt, those fixes didn't work well, and people still continue to experience the same issue. Although, for some it did actually work, and that is really great!

We are ready for another nightly build with even more fixes and we would appreciate it if you could try it out as well. Here are the links to the newest build:

Note

Also, you shouldn't need to delete the minecraft_auth.json file anymore. Just install the app, run it, and try to sign in. Please let us know how it goes and if you still have an error related to the SisuAuthenticate step. You can do so here or in the conversation on the support portal (if you had one).

Thanks for your help! 💚

Hey everyone 🙌

After a lot of successful reports, we can conclude that this error is actually caused by the time on the device being out of sync. We'll update our support articles with instructions on how to resolve this soon™.

Explanation

When Modrinth App is making requests to Xbox servers, those requests are signed with a special private key on your device. The signatures also include a timestamp generated from your device's time at the moment of signature generation.

As it turns out, however, Xbox servers are incredibly sensitive to time, and a time discrepancy of ±4 minutes will lead to Xbox rejecting the request with a 403 Forbidden error and no content body. This, in turn, will result in the Modrinth App's authorization flow failing and immediately giving you the ‘Unable to sign in’ window. Unfortunately, as we learnt, a mind-boggling amount of people also live with their clocks being off (seriously, people?! /hj).

The MCL solution

Minecraft Launcher solves this problem by using the server time returned by the first unsigned request to calculate the difference between your device's and server's time. Afterwards, whenever Minecraft Launcher needs the time, it will just add the difference on top of your device's time and retrieve a more or less accurate time.

We'll be following suit in the next update to Modrinth App, and will also use the server time when performing the signed requests. This should hopefully fix this problem for everyone.

What do I do now?

If you get this error, go to your time settings and enable options to automatically sync your time zone and time. Additionally, if your system gives you that option, run the time sync manually (Windows does allow that).

If you still get an error, that must be something else then. Check the debug information, and if it's not the error in the original post, contact support.

Acknowledgements

💚 Thanks to everyone on our support portal who followed our instructions and reported whether the suggestion to sync the time has immediately helped you. Because of you, we can confidently say that yes, this must've been it all this time. This was hands down one of the most confusing issues that we had to triage.

Especially huge shoutout to Marije from our Discord community, who gave us the hint that this might be the issue. Who knows how much time we would've spent figuring this out! You're the real GOAT!

We'll keep the nightly version above visible, as it has improved debug messages that help us solve other issues that players face. But for now that's it, just wait for the next update and don't forget to sync your clocks to not live in the past 😉
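
The clock-offset approach described in the explanation above, sketched in Rust as an added example; it is not code from Theseus or Minecraft Launcher. It assumes the server time is read from the HTTP Date header of the first unsigned response, and the function names, the tolerance constant and the sample header are constructed for illustration.

```rust
// Added example. Assumption: server time comes from the HTTP `Date` header (IMF-fixdate).
const MONTHS: [&str; 12] = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"];
// Tolerance quoted in the thread (about 4 minutes); the exact server limit is an assumption.
const TOLERANCE_SECS: i64 = 4 * 60;

/// Days since 1970-01-01 for a Gregorian date (days-from-civil algorithm).
fn days_from_civil(y: i64, m: i64, d: i64) -> i64 {
    let y = if m <= 2 { y - 1 } else { y };
    let (era, yoe) = (y.div_euclid(400), y.rem_euclid(400));
    let doy = (153 * (if m > 2 { m - 3 } else { m + 9 }) + 2) / 5 + d - 1;
    era * 146_097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719_468
}

/// Parse "Sun, 06 Nov 1994 08:49:37 GMT" into Unix seconds; None if malformed.
fn parse_http_date(s: &str) -> Option<i64> {
    let p: Vec<&str> = s.split_whitespace().collect();
    if p.len() != 6 || p[5] != "GMT" {
        return None;
    }
    let day = i64::from(p[1].parse::<u8>().ok()?);
    let month = MONTHS.iter().position(|m| *m == p[2])? as i64 + 1;
    let year = i64::from(p[3].parse::<u16>().ok()?);
    let t: Vec<i64> = p[4].split(':').map(|x| x.parse::<u8>().ok().map(i64::from)).collect::<Option<_>>()?;
    if t.len() != 3 || !(1..=31).contains(&day) || t[0] > 23 || t[1] > 59 || t[2] > 60 {
        return None;
    }
    Some(days_from_civil(year, month, day) * 86_400 + t[0] * 3_600 + t[1] * 60 + t[2])
}

/// Offset (server minus device) learned once from the first unsigned response.
fn clock_offset(date_header: &str, device_unix: i64) -> Option<i64> {
    parse_http_date(date_header).map(|server| server - device_unix)
}

/// Timestamp for a signed request: device clock plus the learned offset.
fn signing_time(device_unix: i64, offset: i64) -> i64 { device_unix + offset }

/// True when a timestamp is far enough from server time to be rejected.
fn outside_tolerance(timestamp: i64, server_unix: i64) -> bool { (timestamp - server_unix).abs() >= TOLERANCE_SECS }

fn main() {
    // Constructed sample: the device clock runs 10 minutes behind the server.
    let header = "Wed, 01 May 2024 12:00:00 GMT";
    let server = parse_http_date(header).expect("valid date");
    let offset = clock_offset(header, server - 600).expect("valid date");
    println!("offset={offset}s raw_rejected={}", outside_tolerance(server - 600, server));
    println!("fixed_rejected={}", outside_tolerance(signing_time(server - 600, offset), server));
}
```

The offset is learned once and reused, so a device clock that is wrong but steady still produces timestamps inside the tolerance window.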